CVE-2024-42019

8.0

High

Published:7 Sep 2024

Last updated:17 Jun 2026

Source:support@hackerone.com

Analyzed

Weakness (CWE)

CWE-200Exposure of Sensitive Information

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.

References

support@hackerone.com

https://www.veeam.com/kb4649